What are you guys using for firewalls at home?



ryanvade

Moderator
Staff member
Gold Supporter
I've been using the default firewall in RouterOS on my microtik routerboard.
 

Steve

New Member
Currently just using the firewall that is in my router, but will be moving and will take the opportunity to switch to a pfsense firewall.
 

KarlLinux

New Member
I too am interested in setting up a home firewall. I am considering pfsense and untangle. Been watching YouTube videos on both. Untangle seems to be easier to use with few advanced options. I will try untangle first seem as though you have had no problems with it. I plan to put onto a cheap low-powered PC I can get my hands on and see how it goes.
 

lethargos

New Member
I'm using csf/lfd. But I'd have liked something even more customable, such as automatically banning any IPs from which root ssh logins are attempted. But I like the fact that it's on top of iptables.
 

Rob

Administrator
Staff member
I'm using csf/lfd. But I'd have liked something even more customable, such as automatically banning any IPs from which root ssh logins are attempted. But I like the fact that it's on top of iptables.
csf/lfd bans failed login attempts as long as its x times within x seconds. You can tweak it in your csf.conf. I think by default, it's 5 times within 300 seconds.
 

lethargos

New Member
I know and I've already tinkered with that. But the user one tries to log in with is not a criterion for lfd, at least not by default. What I'd have liked was an immediate ban for anyone trying to log in with the root user. Some time ago someone suggested adding some perl code in order to match 'root', etc. Rather difficult - I'm still not sure if I'll ever learn perl, but maybe I'll try. Now I'm struggling with awk :)
 

Rob

Administrator
Staff member
You could set up a script to keep an eye on lastb (type lastb, it'll show you failed logins) for the root user and ban the top 10 (or 20 etc..) in csf..

First step, find the top 10 offenders:
Code:
lastb|grep root|awk '{print $3}'|sort|uniq -c|sort -n|awk '{print $2}'|tail -n 10
Then, ban them w/ csf like:
Code:
for m in $(lastb|grep root|awk '{print $3}'|sort|uniq -c|sort -n|awk '{print $2}'|tail -n 10);do csf -d $m;done
Put it in a script in /usr/local/bin/ or something and call it from cron daily.

Note: to see the staggering amount of people trying to log in as root and showing their attempt count, type this:
Code:
lastb|grep root|awk '{print $3}'|sort|uniq -c|sort -n
Rob
 

Members online


Latest posts

Top